@jjrawlins/cdk-iam-policy-builder-helper 0.0.52 → 0.0.53

package/node_modules/@aws-sdk/credential-provider-node/dist-cjs/index.js

@@ -1,79 +1,37 @@
-"use strict";
-var __create = Object.create;
-var __defProp = Object.defineProperty;
-var __getOwnPropDesc = Object.getOwnPropertyDescriptor;
-var __getOwnPropNames = Object.getOwnPropertyNames;
-var __getProtoOf = Object.getPrototypeOf;
-var __hasOwnProp = Object.prototype.hasOwnProperty;
-var __name = (target, value) => __defProp(target, "name", { value, configurable: true });
-var __export = (target, all) => {
-  for (var name in all)
-    __defProp(target, name, { get: all[name], enumerable: true });
-};
-var __copyProps = (to, from, except, desc) => {
-  if (from && typeof from === "object" || typeof from === "function") {
-    for (let key of __getOwnPropNames(from))
-      if (!__hasOwnProp.call(to, key) && key !== except)
-        __defProp(to, key, { get: () => from[key], enumerable: !(desc = __getOwnPropDesc(from, key)) || desc.enumerable });
-  }
-  return to;
-};
-var __toESM = (mod, isNodeMode, target) => (target = mod != null ? __create(__getProtoOf(mod)) : {}, __copyProps(
-  // If the importer is in node compatibility mode or this is not an ESM
-  // file that has been converted to a CommonJS file using a Babel-
-  // compatible transform (i.e. "__esModule" has not been set), then set
-  // "default" to the CommonJS "module.exports" for node compatibility.
-  isNodeMode || !mod || !mod.__esModule ? __defProp(target, "default", { value: mod, enumerable: true }) : target,
-  mod
-));
-var __toCommonJS = (mod) => __copyProps(__defProp({}, "__esModule", { value: true }), mod);
-
-// src/index.ts
-var index_exports = {};
-__export(index_exports, {
-  credentialsTreatedAsExpired: () => credentialsTreatedAsExpired,
-  credentialsWillNeedRefresh: () => credentialsWillNeedRefresh,
-  defaultProvider: () => defaultProvider
-});
-module.exports = __toCommonJS(index_exports);
+'use strict';
 
-// src/defaultProvider.ts
-var import_credential_provider_env = require("@aws-sdk/credential-provider-env");
+var credentialProviderEnv = require('@aws-sdk/credential-provider-env');
+var propertyProvider = require('@smithy/property-provider');
+var sharedIniFileLoader = require('@smithy/shared-ini-file-loader');
 
-var import_shared_ini_file_loader = require("@smithy/shared-ini-file-loader");
-
-// src/remoteProvider.ts
-var import_property_provider = require("@smithy/property-provider");
-var ENV_IMDS_DISABLED = "AWS_EC2_METADATA_DISABLED";
-var remoteProvider = /* @__PURE__ */ __name(async (init) => {
-  const { ENV_CMDS_FULL_URI, ENV_CMDS_RELATIVE_URI, fromContainerMetadata, fromInstanceMetadata } = await Promise.resolve().then(() => __toESM(require("@smithy/credential-provider-imds")));
-  if (process.env[ENV_CMDS_RELATIVE_URI] || process.env[ENV_CMDS_FULL_URI]) {
-    init.logger?.debug("@aws-sdk/credential-provider-node - remoteProvider::fromHttp/fromContainerMetadata");
-    const { fromHttp } = await Promise.resolve().then(() => __toESM(require("@aws-sdk/credential-provider-http")));
-    return (0, import_property_provider.chain)(fromHttp(init), fromContainerMetadata(init));
-  }
-  if (process.env[ENV_IMDS_DISABLED] && process.env[ENV_IMDS_DISABLED] !== "false") {
-    return async () => {
-      throw new import_property_provider.CredentialsProviderError("EC2 Instance Metadata Service access disabled", { logger: init.logger });
-    };
-  }
-  init.logger?.debug("@aws-sdk/credential-provider-node - remoteProvider::fromInstanceMetadata");
-  return fromInstanceMetadata(init);
-}, "remoteProvider");
+const ENV_IMDS_DISABLED = "AWS_EC2_METADATA_DISABLED";
+const remoteProvider = async (init) => {
+    const { ENV_CMDS_FULL_URI, ENV_CMDS_RELATIVE_URI, fromContainerMetadata, fromInstanceMetadata } = await import('@smithy/credential-provider-imds');
+    if (process.env[ENV_CMDS_RELATIVE_URI] || process.env[ENV_CMDS_FULL_URI]) {
+        init.logger?.debug("@aws-sdk/credential-provider-node - remoteProvider::fromHttp/fromContainerMetadata");
+        const { fromHttp } = await import('@aws-sdk/credential-provider-http');
+        return propertyProvider.chain(fromHttp(init), fromContainerMetadata(init));
+    }
+    if (process.env[ENV_IMDS_DISABLED] && process.env[ENV_IMDS_DISABLED] !== "false") {
+        return async () => {
+            throw new propertyProvider.CredentialsProviderError("EC2 Instance Metadata Service access disabled", { logger: init.logger });
+        };
+    }
+    init.logger?.debug("@aws-sdk/credential-provider-node - remoteProvider::fromInstanceMetadata");
+    return fromInstanceMetadata(init);
+};
 
-// src/defaultProvider.ts
-var multipleCredentialSourceWarningEmitted = false;
-var defaultProvider = /* @__PURE__ */ __name((init = {}) => (0, import_property_provider.memoize)(
-  (0, import_property_provider.chain)(
-    async () => {
-      const profile = init.profile ?? process.env[import_shared_ini_file_loader.ENV_PROFILE];
-      if (profile) {
-        const envStaticCredentialsAreSet = process.env[import_credential_provider_env.ENV_KEY] && process.env[import_credential_provider_env.ENV_SECRET];
+let multipleCredentialSourceWarningEmitted = false;
+const defaultProvider = (init = {}) => propertyProvider.memoize(propertyProvider.chain(async () => {
+    const profile = init.profile ?? process.env[sharedIniFileLoader.ENV_PROFILE];
+    if (profile) {
+        const envStaticCredentialsAreSet = process.env[credentialProviderEnv.ENV_KEY] && process.env[credentialProviderEnv.ENV_SECRET];
         if (envStaticCredentialsAreSet) {
-          if (!multipleCredentialSourceWarningEmitted) {
-            const warnFn = init.logger?.warn && init.logger?.constructor?.name !== "NoOpLogger" ? init.logger.warn.bind(init.logger) : console.warn;
-            warnFn(
-              `@aws-sdk/credential-provider-node - defaultProvider::fromEnv WARNING:
+            if (!multipleCredentialSourceWarningEmitted) {
+                const warnFn = init.logger?.warn && init.logger?.constructor?.name !== "NoOpLogger"
+                    ? init.logger.warn.bind(init.logger)
+                    : console.warn;
+                warnFn(`@aws-sdk/credential-provider-node - defaultProvider::fromEnv WARNING:
     Multiple credential sources detected: 
     Both AWS_PROFILE and the pair AWS_ACCESS_KEY_ID/AWS_SECRET_ACCESS_KEY static credentials are set.
     This SDK will proceed with the AWS_PROFILE value.
@@ -81,67 +39,49 @@ var defaultProvider = /* @__PURE__ */ __name((init = {}) => (0, import_property_
     However, a future version may change this behavior to prefer the ENV static credentials.
     Please ensure that your environment only sets either the AWS_PROFILE or the
     AWS_ACCESS_KEY_ID/AWS_SECRET_ACCESS_KEY pair.
-`
-            );
-            multipleCredentialSourceWarningEmitted = true;
-          }
+`);
+                multipleCredentialSourceWarningEmitted = true;
+            }
         }
-        throw new import_property_provider.CredentialsProviderError("AWS_PROFILE is set, skipping fromEnv provider.", {
-          logger: init.logger,
-          tryNextLink: true
+        throw new propertyProvider.CredentialsProviderError("AWS_PROFILE is set, skipping fromEnv provider.", {
+            logger: init.logger,
+            tryNextLink: true,
         });
-      }
-      init.logger?.debug("@aws-sdk/credential-provider-node - defaultProvider::fromEnv");
-      return (0, import_credential_provider_env.fromEnv)(init)();
-    },
-    async () => {
-      init.logger?.debug("@aws-sdk/credential-provider-node - defaultProvider::fromSSO");
-      const { ssoStartUrl, ssoAccountId, ssoRegion, ssoRoleName, ssoSession } = init;
-      if (!ssoStartUrl && !ssoAccountId && !ssoRegion && !ssoRoleName && !ssoSession) {
-        throw new import_property_provider.CredentialsProviderError(
-          "Skipping SSO provider in default chain (inputs do not include SSO fields).",
-          { logger: init.logger }
-        );
-      }
-      const { fromSSO } = await Promise.resolve().then(() => __toESM(require("@aws-sdk/credential-provider-sso")));
-      return fromSSO(init)();
-    },
-    async () => {
-      init.logger?.debug("@aws-sdk/credential-provider-node - defaultProvider::fromIni");
-      const { fromIni } = await Promise.resolve().then(() => __toESM(require("@aws-sdk/credential-provider-ini")));
-      return fromIni(init)();
-    },
-    async () => {
-      init.logger?.debug("@aws-sdk/credential-provider-node - defaultProvider::fromProcess");
-      const { fromProcess } = await Promise.resolve().then(() => __toESM(require("@aws-sdk/credential-provider-process")));
-      return fromProcess(init)();
-    },
-    async () => {
-      init.logger?.debug("@aws-sdk/credential-provider-node - defaultProvider::fromTokenFile");
-      const { fromTokenFile } = await Promise.resolve().then(() => __toESM(require("@aws-sdk/credential-provider-web-identity")));
-      return fromTokenFile(init)();
-    },
-    async () => {
-      init.logger?.debug("@aws-sdk/credential-provider-node - defaultProvider::remoteProvider");
-      return (await remoteProvider(init))();
-    },
-    async () => {
-      throw new import_property_provider.CredentialsProviderError("Could not load credentials from any providers", {
-        tryNextLink: false,
-        logger: init.logger
-      });
     }
-  ),
-  credentialsTreatedAsExpired,
-  credentialsWillNeedRefresh
-), "defaultProvider");
-var credentialsWillNeedRefresh = /* @__PURE__ */ __name((credentials) => credentials?.expiration !== void 0, "credentialsWillNeedRefresh");
-var credentialsTreatedAsExpired = /* @__PURE__ */ __name((credentials) => credentials?.expiration !== void 0 && credentials.expiration.getTime() - Date.now() < 3e5, "credentialsTreatedAsExpired");
-// Annotate the CommonJS export names for ESM import in node:
-
-0 && (module.exports = {
-  defaultProvider,
-  credentialsWillNeedRefresh,
-  credentialsTreatedAsExpired
-});
+    init.logger?.debug("@aws-sdk/credential-provider-node - defaultProvider::fromEnv");
+    return credentialProviderEnv.fromEnv(init)();
+}, async () => {
+    init.logger?.debug("@aws-sdk/credential-provider-node - defaultProvider::fromSSO");
+    const { ssoStartUrl, ssoAccountId, ssoRegion, ssoRoleName, ssoSession } = init;
+    if (!ssoStartUrl && !ssoAccountId && !ssoRegion && !ssoRoleName && !ssoSession) {
+        throw new propertyProvider.CredentialsProviderError("Skipping SSO provider in default chain (inputs do not include SSO fields).", { logger: init.logger });
+    }
+    const { fromSSO } = await import('@aws-sdk/credential-provider-sso');
+    return fromSSO(init)();
+}, async () => {
+    init.logger?.debug("@aws-sdk/credential-provider-node - defaultProvider::fromIni");
+    const { fromIni } = await import('@aws-sdk/credential-provider-ini');
+    return fromIni(init)();
+}, async () => {
+    init.logger?.debug("@aws-sdk/credential-provider-node - defaultProvider::fromProcess");
+    const { fromProcess } = await import('@aws-sdk/credential-provider-process');
+    return fromProcess(init)();
+}, async () => {
+    init.logger?.debug("@aws-sdk/credential-provider-node - defaultProvider::fromTokenFile");
+    const { fromTokenFile } = await import('@aws-sdk/credential-provider-web-identity');
+    return fromTokenFile(init)();
+}, async () => {
+    init.logger?.debug("@aws-sdk/credential-provider-node - defaultProvider::remoteProvider");
+    return (await remoteProvider(init))();
+}, async () => {
+    throw new propertyProvider.CredentialsProviderError("Could not load credentials from any providers", {
+        tryNextLink: false,
+        logger: init.logger,
+    });
+}), credentialsTreatedAsExpired, credentialsWillNeedRefresh);
+const credentialsWillNeedRefresh = (credentials) => credentials?.expiration !== undefined;
+const credentialsTreatedAsExpired = (credentials) => credentials?.expiration !== undefined && credentials.expiration.getTime() - Date.now() < 300000;
 
+exports.credentialsTreatedAsExpired = credentialsTreatedAsExpired;
+exports.credentialsWillNeedRefresh = credentialsWillNeedRefresh;
+exports.defaultProvider = defaultProvider;

package/node_modules/@aws-sdk/credential-provider-node/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@aws-sdk/credential-provider-node",
-  "version": "3.901.0",
+  "version": "3.906.0",
   "description": "AWS credential provider that sources credentials from a Node.JS environment. ",
   "engines": {
     "node": ">=18.0.0"
@@ -31,12 +31,12 @@
   },
   "license": "Apache-2.0",
   "dependencies": {
-    "@aws-sdk/credential-provider-env": "3.901.0",
-    "@aws-sdk/credential-provider-http": "3.901.0",
-    "@aws-sdk/credential-provider-ini": "3.901.0",
-    "@aws-sdk/credential-provider-process": "3.901.0",
-    "@aws-sdk/credential-provider-sso": "3.901.0",
-    "@aws-sdk/credential-provider-web-identity": "3.901.0",
+    "@aws-sdk/credential-provider-env": "3.906.0",
+    "@aws-sdk/credential-provider-http": "3.906.0",
+    "@aws-sdk/credential-provider-ini": "3.906.0",
+    "@aws-sdk/credential-provider-process": "3.906.0",
+    "@aws-sdk/credential-provider-sso": "3.906.0",
+    "@aws-sdk/credential-provider-web-identity": "3.906.0",
     "@aws-sdk/types": "3.901.0",
     "@smithy/credential-provider-imds": "^4.2.0",
     "@smithy/property-provider": "^4.2.0",

package/node_modules/@aws-sdk/credential-provider-process/dist-cjs/index.js

@@ -1,115 +1,79 @@
-"use strict";
-var __defProp = Object.defineProperty;
-var __getOwnPropDesc = Object.getOwnPropertyDescriptor;
-var __getOwnPropNames = Object.getOwnPropertyNames;
-var __hasOwnProp = Object.prototype.hasOwnProperty;
-var __name = (target, value) => __defProp(target, "name", { value, configurable: true });
-var __export = (target, all) => {
-  for (var name in all)
-    __defProp(target, name, { get: all[name], enumerable: true });
-};
-var __copyProps = (to, from, except, desc) => {
-  if (from && typeof from === "object" || typeof from === "function") {
-    for (let key of __getOwnPropNames(from))
-      if (!__hasOwnProp.call(to, key) && key !== except)
-        __defProp(to, key, { get: () => from[key], enumerable: !(desc = __getOwnPropDesc(from, key)) || desc.enumerable });
-  }
-  return to;
-};
-var __toCommonJS = (mod) => __copyProps(__defProp({}, "__esModule", { value: true }), mod);
-
-// src/index.ts
-var index_exports = {};
-__export(index_exports, {
-  fromProcess: () => fromProcess
-});
-module.exports = __toCommonJS(index_exports);
-
-// src/fromProcess.ts
+'use strict';
 
+var sharedIniFileLoader = require('@smithy/shared-ini-file-loader');
+var propertyProvider = require('@smithy/property-provider');
+var child_process = require('child_process');
+var util = require('util');
+var client = require('@aws-sdk/core/client');
 
-// src/resolveProcessCredentials.ts
-var import_property_provider = require("@smithy/property-provider");
-var import_shared_ini_file_loader = require("@smithy/shared-ini-file-loader");
-var import_child_process = require("child_process");
-var import_util = require("util");
-
-// src/getValidatedProcessCredentials.ts
-var import_client = require("@aws-sdk/core/client");
-var getValidatedProcessCredentials = /* @__PURE__ */ __name((profileName, data, profiles) => {
-  if (data.Version !== 1) {
-    throw Error(`Profile ${profileName} credential_process did not return Version 1.`);
-  }
-  if (data.AccessKeyId === void 0 || data.SecretAccessKey === void 0) {
-    throw Error(`Profile ${profileName} credential_process returned invalid credentials.`);
-  }
-  if (data.Expiration) {
-    const currentTime = /* @__PURE__ */ new Date();
-    const expireTime = new Date(data.Expiration);
-    if (expireTime < currentTime) {
-      throw Error(`Profile ${profileName} credential_process returned expired credentials.`);
+const getValidatedProcessCredentials = (profileName, data, profiles) => {
+    if (data.Version !== 1) {
+        throw Error(`Profile ${profileName} credential_process did not return Version 1.`);
     }
-  }
-  let accountId = data.AccountId;
-  if (!accountId && profiles?.[profileName]?.aws_account_id) {
-    accountId = profiles[profileName].aws_account_id;
-  }
-  const credentials = {
-    accessKeyId: data.AccessKeyId,
-    secretAccessKey: data.SecretAccessKey,
-    ...data.SessionToken && { sessionToken: data.SessionToken },
-    ...data.Expiration && { expiration: new Date(data.Expiration) },
-    ...data.CredentialScope && { credentialScope: data.CredentialScope },
-    ...accountId && { accountId }
-  };
-  (0, import_client.setCredentialFeature)(credentials, "CREDENTIALS_PROCESS", "w");
-  return credentials;
-}, "getValidatedProcessCredentials");
-
-// src/resolveProcessCredentials.ts
-var resolveProcessCredentials = /* @__PURE__ */ __name(async (profileName, profiles, logger) => {
-  const profile = profiles[profileName];
-  if (profiles[profileName]) {
-    const credentialProcess = profile["credential_process"];
-    if (credentialProcess !== void 0) {
-      const execPromise = (0, import_util.promisify)(import_shared_ini_file_loader.externalDataInterceptor?.getTokenRecord?.().exec ?? import_child_process.exec);
-      try {
-        const { stdout } = await execPromise(credentialProcess);
-        let data;
-        try {
-          data = JSON.parse(stdout.trim());
-        } catch {
-          throw Error(`Profile ${profileName} credential_process returned invalid JSON.`);
+    if (data.AccessKeyId === undefined || data.SecretAccessKey === undefined) {
+        throw Error(`Profile ${profileName} credential_process returned invalid credentials.`);
+    }
+    if (data.Expiration) {
+        const currentTime = new Date();
+        const expireTime = new Date(data.Expiration);
+        if (expireTime < currentTime) {
+            throw Error(`Profile ${profileName} credential_process returned expired credentials.`);
         }
-        return getValidatedProcessCredentials(profileName, data, profiles);
-      } catch (error) {
-        throw new import_property_provider.CredentialsProviderError(error.message, { logger });
-      }
-    } else {
-      throw new import_property_provider.CredentialsProviderError(`Profile ${profileName} did not contain credential_process.`, { logger });
     }
-  } else {
-    throw new import_property_provider.CredentialsProviderError(`Profile ${profileName} could not be found in shared credentials file.`, {
-      logger
-    });
-  }
-}, "resolveProcessCredentials");
+    let accountId = data.AccountId;
+    if (!accountId && profiles?.[profileName]?.aws_account_id) {
+        accountId = profiles[profileName].aws_account_id;
+    }
+    const credentials = {
+        accessKeyId: data.AccessKeyId,
+        secretAccessKey: data.SecretAccessKey,
+        ...(data.SessionToken && { sessionToken: data.SessionToken }),
+        ...(data.Expiration && { expiration: new Date(data.Expiration) }),
+        ...(data.CredentialScope && { credentialScope: data.CredentialScope }),
+        ...(accountId && { accountId }),
+    };
+    client.setCredentialFeature(credentials, "CREDENTIALS_PROCESS", "w");
+    return credentials;
+};
 
-// src/fromProcess.ts
-var fromProcess = /* @__PURE__ */ __name((init = {}) => async ({ callerClientConfig } = {}) => {
-  init.logger?.debug("@aws-sdk/credential-provider-process - fromProcess");
-  const profiles = await (0, import_shared_ini_file_loader.parseKnownFiles)(init);
-  return resolveProcessCredentials(
-    (0, import_shared_ini_file_loader.getProfileName)({
-      profile: init.profile ?? callerClientConfig?.profile
-    }),
-    profiles,
-    init.logger
-  );
-}, "fromProcess");
-// Annotate the CommonJS export names for ESM import in node:
+const resolveProcessCredentials = async (profileName, profiles, logger) => {
+    const profile = profiles[profileName];
+    if (profiles[profileName]) {
+        const credentialProcess = profile["credential_process"];
+        if (credentialProcess !== undefined) {
+            const execPromise = util.promisify(sharedIniFileLoader.externalDataInterceptor?.getTokenRecord?.().exec ?? child_process.exec);
+            try {
+                const { stdout } = await execPromise(credentialProcess);
+                let data;
+                try {
+                    data = JSON.parse(stdout.trim());
+                }
+                catch {
+                    throw Error(`Profile ${profileName} credential_process returned invalid JSON.`);
+                }
+                return getValidatedProcessCredentials(profileName, data, profiles);
+            }
+            catch (error) {
+                throw new propertyProvider.CredentialsProviderError(error.message, { logger });
+            }
+        }
+        else {
+            throw new propertyProvider.CredentialsProviderError(`Profile ${profileName} did not contain credential_process.`, { logger });
+        }
+    }
+    else {
+        throw new propertyProvider.CredentialsProviderError(`Profile ${profileName} could not be found in shared credentials file.`, {
+            logger,
+        });
+    }
+};
 
-0 && (module.exports = {
-  fromProcess
-});
+const fromProcess = (init = {}) => async ({ callerClientConfig } = {}) => {
+    init.logger?.debug("@aws-sdk/credential-provider-process - fromProcess");
+    const profiles = await sharedIniFileLoader.parseKnownFiles(init);
+    return resolveProcessCredentials(sharedIniFileLoader.getProfileName({
+        profile: init.profile ?? callerClientConfig?.profile,
+    }), profiles, init.logger);
+};
 
+exports.fromProcess = fromProcess;

package/node_modules/@aws-sdk/credential-provider-process/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@aws-sdk/credential-provider-process",
-  "version": "3.901.0",
+  "version": "3.906.0",
   "description": "AWS credential provider that sources credential_process from ~/.aws/credentials and ~/.aws/config",
   "main": "./dist-cjs/index.js",
   "module": "./dist-es/index.js",
@@ -26,7 +26,7 @@
   },
   "license": "Apache-2.0",
   "dependencies": {
-    "@aws-sdk/core": "3.901.0",
+    "@aws-sdk/core": "3.906.0",
     "@aws-sdk/types": "3.901.0",
     "@smithy/property-provider": "^4.2.0",
     "@smithy/shared-ini-file-loader": "^4.3.0",